Description
Cross-site Scripting in @spscommerce/ds-react
Impact
Cross-site scripting (XSS). Anyone using the SPS Select with an options prop populated from user input is impacted. If these options are stored, this could have been a stored XSS.
Patches
The code has been patched for version 7 of woodland. Users should upgrade to 7.17.4 or higher.
Workarounds
Working around the issue instead of upgrading is not recommended. If you are not upgrading, you need to sanitize your options yourself (including those currently stored in databases).
References
Packages
Name: @spscommerce/ds-react (npm)
Affected versions: >= 4.12.2, < 7.17.4
Fixed version: 7.17.4
Weaknesses
CWE-79